
Hi-Jacked by iMesh [RESOLVED]

richcrow

Posted 26 September 2005 - 09:33 AM

richcrow

New Member

Member

9 posts

Installed iMesh and removed it same day. The only file I downloaded I scanned for viruses and deleted immediately without opening it since it DID have a virus. I already went through the required steps and did fix some things but the spyware still exists. Please help me with the attached HiJack log file.


Trevuren

Posted 26 September 2005 - 11:50 AM

1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.

Click on My Controls at the top right hand corner of the window.

In the left hand column, click "View Topics"

If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down. Where it says "unsubscribe", click the pull-down menu and select "immediate email notification".

3. Please do not post in red

4. What antivirus and what firewall are you using?

5. Please DELETE your current HJT program from its present location.

6. Download and run the following HijackThis autoinstall program from Here. Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

Run HijackThis

Click SCAN and SAVE LOG. (A Notepad window will open with the log in it when you click Save Log.) (Ctrl-A to 'select all', Ctrl-C to 'copy')

POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

richcrow

Posted 27 September 2005 - 06:27 AM


Already see improvements. In an effort to save time, would it be possible to cover multiple steps in one shot? I am pretty savvy on computers, so I understand all of what you are telling me and am familiar with the services and such. I almost went ahead and removed all the services that I know shouldn't be there but I figured I would wait for you which is probably smart.

Anyhow, here is the new log file. I look forward to your next reply. Thanks.

Trevuren

Posted 27 September 2005 - 12:06 PM

Trevuren

Old Dog

Retired Staff

18,699 posts

We will continue at this pace until I am sure that you are able to carry out the direction provided easily. The service that I requested you to remove in my last post is still present in your current HJT log.

We want to stop, disable and delete an added service (O23)

A. To stop a service and set to 'disabled'

Go to Start > Run and type in Services.msc then click OK

Click the Extended tab.

Scroll down until you find the service ===> ajylnqrqjcct

Click once on the service to highlight it.

Click Stop

Right-Click on the service.

Click on 'Properties'

Select the 'General' tab

Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box

From the drop-down menu, click on 'Disabled'

Click the 'Apply' tab, then click 'OK'

The service is now stopped and disabled.

B. We will now delete the service:

1. Open HJT

2. Click on Config>>Misc Tools>>Delete an NT Service

3. Copy/Paste ajylnqrqjcct in the space provided and click OK

4. The program will ask you to REBOOT --- Accept

5. REBOOT into SAFE MODE

6. Using Windows Explorer, locate and DELETE the following file (if it still is present):

C:\WINDOWS\system32\qrqjcct <== Folder and content

7. REBOOT back into Normal Mode

8. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

richcrow

Posted 27 September 2005 - 12:48 PM


With all due respect, your last post told me to delete a different folder (bncbi), which may explain why the service was still there. Now that I have deleted the correct one (qrqjcct) according to this post, the service does not exist.

Anyhow, I thank you for your help and will go at your pace. Here is the latest HJT log.

3. O23 - Service: InFocus Mirror Driver Service - Unknown owner - C:\Program Files\InFocus\LiteShow\ifclsmrsvc.exe If this entry doesn't mean anything to you, perform the same operation. If you are familiar with it, then just post a fresh HJT log and we will continue.
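The O23 (service) entries reviewed in this thread can be triaged mechanically before deciding which services to stop and delete. The following is an added example, not part of the original posts and not HijackThis code: it parses O23 lines and flags the traits seen here (an "Unknown owner", a random-looking service name, and a random-looking folder under system32 whose name appears inside the service name). The sample log is constructed; `example.exe` and the "Example" entries are placeholders, and the vowel-ratio test is only a heuristic.

```python
import re
from pathlib import PureWindowsPath

# Layout: O23 - Service: <display> [(<short name>)] - <owner> - <image path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Constructed sample: only the InFocus line is quoted from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: InFocus Mirror Driver Service - Unknown owner - C:\Program Files\InFocus\LiteShow\ifclsmrsvc.exe
O23 - Service: ajylnqrqjcct - Unknown owner - C:\WINDOWS\system32\qrqjcct\example.exe
O23 - Service: Example Update Agent (ExUpdAgent) - Example Corp. - C:\Program Files\Example\agent.exe
"""

def random_looking(name):
    """Heuristic: a single long token with very few vowels, e.g. 'qrqjcct'."""
    letters = [c for c in name.lower() if c.isalpha()]
    if " " in name or len(letters) < 6:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.25

def triage_o23(line):
    """Return (service, flags) for an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    service = m["name"] or m["display"]
    folder = PureWindowsPath(m["path"]).parent
    flags = []
    if m["owner"].lower() == "unknown owner":
        flags.append("unknown-owner")
    if random_looking(service):
        flags.append("random-service-name")
    if folder.parent.name.lower() == "system32" and random_looking(folder.name):
        flags.append("random-folder-in-system32")
        if folder.name.lower() in service.lower():
            flags.append("folder-name-inside-service-name")
    return service, flags

def triage_log(text):
    """Triage every O23 line in a pasted HijackThis log."""
    return [r for r in map(triage_o23, text.splitlines()) if r]

if __name__ == "__main__":
    for service, flags in triage_log(SAMPLE_LOG):
        print(f"{service}: {', '.join(flags) or 'no flags'}")
```

A single "unknown-owner" flag, as on the InFocus entry, only means the binary carries no company information, which is why the helper asks whether the entry is familiar before removing it.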

Trevuren

Posted 27 September 2005 - 05:47 PM


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view (tab)

Choose to "show hidden files and folders,"

Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.

Trevuren

Posted 28 September 2005 - 12:16 AM


A. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view (tab)

Choose to "show hidden files and folders,"

Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.